CN108293054B - Electronic device and method for biometric authentication using social network - Google Patents

Electronic device and method for biometric authentication using social network Download PDF

Info

Publication number
CN108293054B
CN108293054B CN201680070378.6A CN201680070378A CN108293054B CN 108293054 B CN108293054 B CN 108293054B CN 201680070378 A CN201680070378 A CN 201680070378A CN 108293054 B CN108293054 B CN 108293054B
Authority
CN
China
Prior art keywords
user
biometric
computer
authentication request
social media
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201680070378.6A
Other languages
Chinese (zh)
Other versions
CN108293054A (en
Inventor
M·张
L·戈尔德贝格
N·穆姆
S·齐米斯
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Visa International Service Association
Original Assignee
Visa International Service Association
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Visa International Service Association filed Critical Visa International Service Association
Publication of CN108293054A publication Critical patent/CN108293054A/en
Application granted granted Critical
Publication of CN108293054B publication Critical patent/CN108293054B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0861Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/32User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401Transaction verification
    • G06Q20/4014Identity check for transactions
    • G06Q20/40145Biometric identity checks
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401Transaction verification
    • G06Q20/4016Transaction verification involving fraud or risk level assessment in transaction processing
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q50/00Information and communication technology [ICT] specially adapted for implementation of business processes of specific business sectors, e.g. utilities or tourism
    • G06Q50/01Social networking
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0884Network architectures or network communication protocols for network security for authentication of entities by delegation of authentication, e.g. a proxy authenticates an entity to be authenticated on behalf of this entity vis-à-vis an authentication entity
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network

Landscapes

  • Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Accounting & Taxation (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Strategic Management (AREA)
  • General Business, Economics & Management (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Finance (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Biomedical Technology (AREA)
  • Economics (AREA)
  • Tourism & Hospitality (AREA)
  • Primary Health Care (AREA)
  • Marketing (AREA)
  • Human Resources & Organizations (AREA)
  • Software Systems (AREA)
  • Collating Specific Patterns (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
  • Measurement Of The Respiration, Hearing Ability, Form, And Blood Characteristics Of Living Organisms (AREA)

Abstract

The technology described herein includes systems and methods of biometric authentication using dynamically updated biometric templates derived from social media content of a user. In some embodiments, the service provider computer receives an authentication request that includes biometric data provided by a user using a user device. Social media content associated with a user may be received by a service provider computer from a social networking service computer. In an embodiment, the service provider computer may generate a biometric template for the user based on the received social media content, wherein the biometric template is continually updated based on new social media content shared by the user. The service provider computer may determine a confidence score based on a comparison of the biometric data and the biometric template. The service provider computer may verify the user's authentication request based at least in part on the confidence score.

Description

Electronic device and method for biometric authentication using social network
Cross Reference to Related Applications
This application is international application No. 14/970,361 filed on 15/12/2015 as filed on the filing date of this application and claiming the benefit of the filing date thereof, the entire contents of which are incorporated herein by reference for all purposes.
Background
Identity spoofing within the consumer transaction services industry has become a problem. For example, many consumers may complete a transaction by using a consumer device (e.g., a mobile phone or laptop) without having to visit a physical merchant or present a physical payment card. In some examples, a user may initiate a payment transaction by a consumer device at a point-of-sale terminal, in a remote payment environment, or online through an e-commerce web page. Some consumer device initiated transactions may require biometric authentication to verify the identity of the user. Some previously implemented systems attempt to reduce fraud in these transactions by using biometric authentication using a stored static biometric template (static biometric template). For example, a static biometric template (e.g., based on a fingerprint) may be stored on the user device and compared against a match with recently submitted biometric data, making it more difficult for a fraudster to subvert authentication. However, these methods of biometric authentication may use an irrevocable biometric template that cannot be adjusted or updated based on the age or activity of the user the service is attempting to authenticate. Thus, a fraudster may obtain a sample of biometric data (e.g., a fingerprint) and fraudulently identify the user in comparing the biometric data to a static or irrevocable biometric template. Also, the system that stores the biometric template on the payment transaction server or merchant computer may be easily breached, thus breaching any protection afforded by requesting biometric authentication.
Embodiments of the present invention address these and other problems, individually or collectively.
Disclosure of Invention
In some embodiments of the present invention, systems and methods for biometric authentication are provided. The biometric authentication system may utilize a biometric template from a social media network provider that is generated based at least in part on social media content shared by or associated with the user. The system may enhance the determination of the identity of the user by using revocable biometrics to generate biometric templates that reflect changes to the user due to age or activity. In some embodiments, biometric data provided by the user during the authentication process may be matched against the dynamic biometric template to verify the identity of the user. The dynamic biometric template may be generated and stored on the user device, a server of a social media network provider, or a service provider computer. In some embodiments, the comparison or determination of the confidence score representing the match between the biometric data provided by the user in the authentication process and the dynamic biometric template may be performed on the user device, on a server of the social media network provider, or on a service provider computer. The confidence score may be compared to a threshold to determine that the identity of the user is verified or authenticated.
Some embodiments of the invention relate to a method for biometric authentication, the method including receiving, by a server computer from an access device, an authentication request including biometric data provided by a user. The method may also include transmitting, by the server computer, the biometric data to a social network server computer. The social network server computer may then compare the user's biometric data to the biometric template to calculate a confidence score. In some embodiments, the biometric template may be generated based at least in part on social media content shared by the user on a website provided by a social network server computer. The method may also include receiving, by the server computer, a confidence score from the social network server computer, and verifying the authentication request based at least in part on the confidence score.
In some embodiments, the method may further include creating a spoof score based at least in part on the confidence score and the threshold, and updating the spoof database with the spoof score. The spoofed database may be maintained by the server computer.
In some embodiments, the authentication request is in the form of an authorization request message requesting authorization of a payment transaction, and wherein the method further comprises transmitting, by the server computer, an authorization response message to the access device.
In some embodiments, the method may further include determining, by the server computer, the threshold value for the payment transaction based at least in part on transaction information provided by a merchant associated with the payment transaction. In some embodiments, the threshold is updated based at least in part on social media content shared by the user.
In some embodiments, the method may further include calculating a confidence score based at least in part on the information indicative of the activity level of the user at the website provided by the social network server computer.
In some embodiments, the social media content shared by the user on the website includes at least one of: video content, audio content, image content, text content, user-provided input, or user-provided activity at the website.
In some embodiments, the biometric data is provided by the user through a user device. In some embodiments, the method may further include dynamically updating the biometric template based on new social media content shared by the user on the website provided by the social network server computer.
Some embodiments of the invention relate to a method for biometric authentication, comprising: an authentication request of a user associated with an access device is received at a server computer from the access device, wherein the authentication request includes biometric data provided by the user. The method may also include receiving, by the server computer from a social networking service computer, social media content associated with the user. The method may also include generating, by the server computer, a biometric template of the user based at least in part on the social media content. In some embodiments, the biometric template may be continuously updated based at least in part on new social media content associated with the user. The method may include determining, by the server computer, a confidence score based at least in part on the biometric data and the biometric template, and verifying, based at least in part on the confidence score, an authentication request of the user.
In some embodiments, the method may further include selecting, by the server computer, one threshold from one or more thresholds to validate the authentication request based at least in part on the information identifying the characteristic of the authentication request.
In some embodiments, the biometric template is updated at periodic intervals.
Other embodiments of the invention also relate to a server and a system configured to perform the above method.
These and other embodiments of the present invention are described in more detail below.
Drawings
Various embodiments according to the present disclosure will be described with reference to the accompanying drawings, in which:
FIG. 1 illustrates an example system showing an authentication process for generating a biometric template comprising a number of components from a user's social media content using a server-implemented biometric authentication system, in accordance with some embodiments of the present invention;
FIG. 2 illustrates a block diagram of a user device computer, in accordance with some embodiments of the invention;
FIG. 3 illustrates a block diagram of a social media provider computer, in accordance with some embodiments of the present invention;
FIG. 4 illustrates a diagram illustrating an example technique of biometric authentication using a dynamic biometric template, according to some embodiments of the invention;
FIG. 5 illustrates a diagram illustrating an example technique of biometric authentication using a dynamic biometric template, according to some embodiments of the invention;
FIG. 6 illustrates a diagram illustrating an example technique of biometric authentication using a dynamic biometric template, according to some embodiments of the invention;
FIG. 7 illustrates a block diagram of an exemplary payment system, in accordance with some embodiments of the invention; and
fig. 8 illustrates aspects of elements that may be present in a computer device and/or system configured to implement methods and/or processes of biometric authentication according to some embodiments of the invention.
Detailed Description
Before discussing embodiments of the invention, some terminology may be used to aid in understanding embodiments of the invention.
"payment means" may include any suitable device capable of effecting a payment. For example, the payment device may include a card including a credit card, a debit card, a gift card, or any combination thereof. The payment device may be used in conjunction with a consumer device, user device, or user computer device as further defined below.
"Payment processing network" (e.g., Visanet)TM) May include data processing subsystems, networks, and operations to support and provide authorization services, exception file services, and clearing and settlement services. An exemplary payment processing network may include VisaNetTM. Payment processing networks such as VisanetTMCredit card transactions, debit card transactions, and other types of commercial transactions can be processed. VisanetTMSpecifically including a VIP system (Visa integrated payment system) that processes authorization requests and a Base II system that performs clearing and settlement services.
An "authorization request message" may be an electronic message sent to an authorization system, such as a payment processing network, and/or an issuer computer requesting authorization for a transaction. The authorization request message is an example of a transaction message. The authorization request message according to some embodiments may conform to ISO 8583, ISO 8583 being a standard of systems for exchanging electronic transaction information associated with payments made by consumers using payment devices or payment accounts. The authorization request message may include a Primary Account Number (PAN), an expiration date, a service code, a CVV, and other data from the payment device. In some embodiments of the invention, the authorization request message may include a payment token (e.g., a substitute account number or pseudo account number), a validity date, a token presentation mode, a token requestor identifier, application cryptogram, and insurance level data. The payment token may include a payment token issuer identifier, which may be a substitute for the issuer's actual issuer identifier. For example, the actual issuer identifier may be part of a BIN range associated with the issuer. The authorization request message may also include additional data elements, including (by way of example only): a service code, CVV (card verification value), dCVV (dynamic card verification value), expiration date, etc.
The "authorization response message" may be an electronic message reply to an authorization request message generated by the authorization system. The authorization response message may include an authorization code, which may be a code returned by the authorization system (either directly or through the payment processing network) in response to receiving the authorization request message. The authorization response message is received at the merchant's access device (e.g., POS terminal) and can indicate approval or denial of the transaction by the authorization system.
A "server computer" may be a powerful computer or cluster of computers. For example, a server computer may be a mainframe, a minicomputer cluster, or a group of servers that function as a unit. The server computer may be associated with an entity such as a payment processing network, wallet provider, merchant, authentication cloud, acquirer, or issuer. The user device computer, social network provider computer, or service provider computer may all be examples of a server computer.
An "access device" may include a device that allows communication with a remote computer, and may include a device that allows a consumer to pay a merchant in exchange for goods or services. The access means may comprise hardware, software or a combination thereof. Examples of access devices include point-of-sale (POS) terminals, mobile phones, tablets, laptop or desktop computers, user device computers, user devices, and the like.
"biometric data" includes data that can be used to uniquely identify an individual based on one or more intrinsic physiological or behavioral characteristics. For example, the biometric data may include retinal scan and tracking data (i.e., eye movement and tracking with the user's eyes in focus). Other examples of biometric data include digital photographic data (e.g., facial recognition data), digital voice data (e.g., voice recognition data), deoxyribonucleic acid (DNA) data, palm print data, palm geometry data, and iris recognition data.
A "biometric template" may be a digital reference of features extracted from one or more biometric samples. In some embodiments, the biometric samples may be derived from social media content shared by or associated with the user. In some embodiments, the biometric template may be derived from biometric data. Biometric templates, as used herein, include biometric templates of revocable and non-revocable features associated with a user, such as facial images and voice samples. An example of a non-revocable feature associated with a user includes a fingerprint. The biometric template is used in a biometric authentication process. Data from a biometric sample provided by a user at the time of authentication may be compared to the biometric template to determine whether the provided biometric template closely matches the biometric template.
The "resource providing entity" may be an entity that provides resources during a transaction. For example, the resource providing entity may be a merchant, a venue operator, a building owner, a government entity, and so forth.
An "authentication request" includes a request to authenticate a person or environment. The authentication request may be an electronic message sent to a service provider computer or authorization system (e.g., a payment processing network and/or an issuer computer) to request verification of the user's identity. In some embodiments, the authentication request may be an instance of an authorization request message, which is an instance of a transaction message. The authorization request may include biometric data provided by the user to verify the user's identity before the transaction or authentication request message is generated. In some embodiments, the authentication request includes access device or user computer device identification information, user location information, network access information, or an application request. As described herein, the identity of the user may be verified after receiving the authentication request by comparing the provided biometric data to a biometric template generated using social media content shared by or associated with the user.
"social media content" includes any suitable activity shared or provided by a user in conjunction with a social media service provided or hosted by a social media provider. For example, social media content may include any image, video, text, audio, user activity, link, or activity uploaded by a user using a website or software application provided by a social media provider. Moreover, social media content may include appropriate content shared or provided by a user at a social media service, including video content, audio content, image content, text content, user-provided input, or user-provided activity at a website or application associated with the social media service. In some embodiments, the social media content may be associated with or provided by users using applications provided by social media providers. Examples of social media providers include Facebook, Instagram, Twitter, Snapchat, Etsy, Myspace, Google Plus, or any suitable social media channel.
A "confidence score" may include a value or metric that represents trust in a particular situation. For example, the confidence score may relate to a degree of similarity between biometric data provided by the user and a dynamic biometric template derived from social media content. In some embodiments, the confidence score represents the degree to which the biometric data closely matches the biometric template. In some embodiments, the confidence score may be compared to one or more thresholds maintained by the service provider or the payment processing network to determine whether to verify the user identity as part of the payment transaction process. In embodiments, the confidence scores may be modified based on information indicative of activity levels of the respective users at their associated social media networks. For example, the confidence scores may be weighted more heavily if the user is active and providing a large amount of data to the social media sources, while the confidence scores may be weighted differently if the user is less active and not sharing much information through the associated social media network.
The "user device" may be any type of computing device such as, but not limited to, a mobile phone, a smart phone, a Personal Digital Assistant (PDA), a laptop computer, a desktop computer, a server computer, a thin client device, a tablet PC, a vehicle such as an automobile, and the like. Additionally, the user device may be any type of wearable technology device, such as a watch, headset, glasses, and the like. The user device may include one or more processors capable of processing user input. The user device may also include one or more input sensors for receiving user input. As is known in the art, there are various input sensors, such as accelerometers, cameras, microphones, etc., that are capable of detecting user input. The user input obtained by the input sensor may be from a variety of data input types, including but not limited to audio data, visual data, or biometric data. The user device may comprise any electronic device operable by a user that may also provide remote communication capabilities with a network. Examples of remote communication capabilities include the use of a mobile telephone (wireless) network, a wireless data network (e.g., 3G, 4G, or the like), Wi-Fi, Wi-Max, or any other communication medium that can provide network access such as the internet or a private network.
In the following description, various embodiments will be described. For purposes of explanation, specific configurations and details are set forth in order to provide a thorough understanding of the embodiments. However, it will also be apparent to one skilled in the art that embodiments may be practiced without the specific details. In addition, well-known features may be omitted or simplified in order not to obscure the described embodiments.
Technologies described herein include systems and platforms for biometric authentication. The biometric authentication system may utilize a biometric template from a social media network provider that is generated based at least in part on social media content shared by or associated with the user. The system may enhance the determination of the identity of the user by using revocable biometrics to generate biometric templates that reflect changes to the user due to age or activity. In some embodiments, biometric data provided by the user during the authentication process may be matched against the dynamic biometric template to verify the identity of the user.
FIG. 1 illustrates an exemplary system according to an embodiment of the present invention.
Embodiments of the invention may include an authentication process using a server-implemented biometric authentication system in which a biometric template including a number of components is generated from social media content of a user, according to some embodiments of the invention. The process 100 illustrated in fig. 1 includes the user 102 submitting biometric data 106 with the access device 104 as part of an authentication request 108 to authenticate the user 102 or the access device 104. For example, for a payment process, the authentication request 108 may be part of a payment transaction. As illustrated in fig. 1, the user 102 submits biometric data 106 (a picture of the user's face) to a service provider computer 112. In some embodiments, the service provider computer 112 implements or provides resources to implement the features of biometric authentication as described herein. In other embodiments, the service provider computer 112 may be associated with an issuer of the payment instrument, a payment processing network associated with the payment instrument, a trusted third party, a digital wallet provider, a token requestor, and/or any other appropriate entity. In some embodiments, the user 102 may submit the biometric data 106 for authorization using a component, software, or hardware capability of the access device 104. For example, in fig. 1, the user 102 may take a self-photograph or a picture of himself with the camera of the access device 104 to submit with the authentication request 108.
Previously, the user 102 may have provided his own digital video 116 (or one or more pictures) to a social network server computer 118 over the network 110 using the user device 114. Submission of social media content (e.g., digital video 116) to the social network server computer 118 may occur before, after, simultaneously with, or asynchronously with the authentication request 108 by the user. In some embodiments, the social network server computer 118 may store social media content (i.e., digital video 116) provided by the user 102 or associated with the user 102 in a social media content database 120. It should be noted that although FIG. 1 illustrates a user making an authentication request 108 with an access device 104 and a user device 114 submitting, sharing, or providing social media content, embodiments described herein include a user 102 submitting social media content and an authentication request 108 using either device (104 or 114). In some embodiments, the social network server computer 118 may provide, host, or maintain social media websites or software applications that the user 102 may use to submit, provide, or share social media content. The social network server computer 118 may maintain and update the social media content of each of the plurality of users sharing content using the services provided by social media in the social media content database 120.
In some embodiments, the service provider computer 112 may authenticate or verify the identity of the user 102 in response to receiving the authentication request 108. The service provider computer 112 may request, receive, or obtain social media content (i.e., digital video 116) provided by the user 102 from a social network server computer 118 via the network 110. In some embodiments, the service provider computer 112 may receive social media content associated with the user 102 from the social network server computer 118 by invoking an Application Program Interface (API) call provided by the social network server computer 118 to share this information with an entity, such as the service provider computer 112. In some embodiments, the service provider computer 112 and the social network server computer 118 may perform some form of authentication to ensure that sensitive data is not provided to undesired parties. Further, the service provider computer 112 and the social network server computer 118 may communicate the requested data through encrypted communications using a public-private encryption key pair shared between the service provider computer 112 and the social network server computer 118.
In some embodiments, the service provider computer 112 may generate a dynamic biometric template 122 using social media content associated with the user 102 to compare with the submitted biometric data 106. In some embodiments, the service provider computer 112 may calculate a confidence score that represents a degree or similarity of match between the biometric data 106 and the dynamic biometric template 122. The use of the dynamic biometric template 122 accounts for revocable biometric features of the user 102 (e.g., facial image data or voice data of the user 102). The use of revocable patterns may benefit the user, ensuring a greater degree of authentication and verification, as revocable patterns such as facial image recognition are enhanced over time with the user's face. Also, a stronger dynamic biometric template 122 may be generated based on the amount of social media content associated with the user, and the stronger dynamic biometric template 122 may account for differences in the manner in which biometric content is captured (i.e., lighting conditions and facial expressions). The service provider computer 112 may maintain the dynamic biometric template 122 and continually update (e.g., daily, each time a new image or video is provided, monthly, etc.) the dynamic biometric template 122 based on new or updated social media content received from the social network server computer 118. The dynamic biometric template 122 may be periodically updated by the service provider computer 112.
In some embodiments, the service provider computer 112 may determine the authentication response 124 based on the confidence score and the threshold. For example, the service provider computer 112 may maintain one or more thresholds for the authentication request based on characteristics of the authentication request or payment transaction. The first threshold may be used based on information identifying the location of the user 102 or the access device 104 requesting the authentication 108. For payment transactions that exceed or fall below a certain amount, a second threshold may be used. Other examples of thresholds are described herein. In an embodiment, the authentication response 124 may indicate that the identity of the user 102 or the access device 104 is verified. In some embodiments, the authentication response 124 may be used as part of the authentication request message and authentication response message payment processing or payment transaction process. In some embodiments, the service provider computer 112 may generate a fraud score based on a comparison of the confidence score and a threshold. The spoof score may represent when the authentication request is verified or not verified. The fraud scores for multiple users' authentication requests may be tracked by the service provider computer 112 and continuously updated based on new authentication requests. In some embodiments, the service provider computer 112 may take one or more actions based on the spoof score, such as notifying the merchant, the issuer, and the user that may be spoofed.
In some embodiments, the social network server computer 118 may generate and save the dynamic biometric template 122, perform a comparison of the biometric data 106 and the dynamic biometric template 122, and calculate a confidence score that is subsequently provided to the service provider computer 112, as described herein. In some embodiments, the access device 104 or the user device 114 may be configured to generate and save the dynamic biometric template 122, perform a comparison of the biometric data 106 with the dynamic biometric template 122, and calculate a confidence score using an application provided by the service provider computer 112. Network 110 may include a wireless network, Wi-FI, Wi-Max, wireless data network (e.g., 3G, 4G, or the like), or any other communication medium that may provide access to a public or private network.
FIG. 2 illustrates a block diagram of a user device computer 200, according to some embodiments of the invention. The user device computer 200 includes an input/output interface 202, a memory 204, a processor 206, and computer-readable media 208. The user device computer 200 may be one example of the access device 104 of fig. 1.
An input/output (I/O) interface 202 is configured to receive and transmit data. For example, the I/O interface 202 may receive the user-submitted biometric data 106 from the access device 104 (fig. 1), or user-provided social media content shared with the social network server computer 118 (fig. 1). In another example, the I/O interface 202 may communicate the biometric data 106 to the service provider computer 112 (fig. 1) or the social network server computer 118 (fig. 1). The I/O interface 202 may also be used for direct interaction with the service provider computer 112 or the social network server computer 118. The I/O interface 202 may accept input from an input device such as, but not limited to, a keyboard, keypad, camera, microphone, mouse, or any other suitable input hardware and/or software associated with the user device computer 200 for capturing biometric data. Further, the I/O interface may display output on a display device.
The memory 204 may be any magnetic, electronic or optical memory. It is to be appreciated that the memory 204 can include any number of memory modules. An example of memory 204 may be a Dynamic Random Access Memory (DRAM).
Processor 206 may be any general purpose processor operable to execute instructions on user device computer 200. The processor 206 is coupled to other elements of the user equipment computer 200, including the input/output interface 202, the memory 204, and the computer readable medium 208.
The computer-readable medium 208 may be any magnetic, electronic, optical, or other computer-readable storage medium. The computer-readable storage medium 208 includes a service provider module 210, an authentication module 212, and a social media networking module 214.
The service provider module 210 may be configured, when executed by the processor 206, to generate a dynamic biometric template using social media content associated with the user, calculate a confidence score based on a comparison of the submitted biometric data to the dynamic biometric template, and generate an authentication request to verify the identity of the user or the user device computer 200. After receiving the authentication request, the service provider module 210 may obtain and process biometric data provided by the user requesting authentication. The service provider module 210 may then calculate a confidence score that compares the biometric data to the generated dynamic biometric template. The service provider module 210 may facilitate various data transmission and reception by interfacing with the I/O interface 202. In some embodiments, the service provider module 210 may generate and save the dynamic biometric template in an offline mode or depending on the network conditions of the user device computer 200. For example, when the user device computer 200 is not connected to an available network (offline mode) or periodically connected to a network as described above with reference to fig. 1, the content received by the social media network module 214 may be used to update and/or generate a dynamic biometric template.
The social media networking module 214 may be configured to, when executed by the processor 206, request, receive, or obtain social media content from a social media networking server or social media provider computer. Social media content may be provided or associated with the user authenticating the request. The social media networking module 214 may generate a dynamic biometric template based at least in part on the social media content. The type of dynamic biometric template generated and stored may be based on biometric data submitted by the user through the service provider module 210 during the authentication request. The social media network module 214 may store the biometric template in the memory 204 or in the computer-readable storage medium 208 in a protected sector that is accessible only by the social media network module 214. The social media network module 214 may save and update biometric templates based on new social media content provided by the user or shared by the user in the social media network. In an embodiment, the biometric template may be stored in a secure element of the user device. The secure element may comprise one or associated components of a user device that has been authenticated as secure by an authentication service provider as described herein. The service provider may maintain root access to the secure element and manage the lifecycle of the secure element, including creating a security domain, sharing access keys with the issuer.
The authentication module 212 may be configured to, when executed by the processor 206, generate an authentication response or verify an authentication request based on the confidence score calculated by the service provider module 210 and one or more thresholds. The authentication module 212 may maintain a plurality of thresholds for authenticating authentication requests on behalf of a user or user device. In some embodiments, the authentication module 212 may be configured to select an appropriate threshold for authentication purposes. The authentication module 212 may use the location information identified in the social media content from the social media networking module 214 to select an appropriate threshold to compare to the calculated confidence score. For example, the user may have interacted with a social networking application to provide input regarding a merchant at a particular location. Authentication requests associated with the same merchant or merchant location may then be processed by module 210 and 214.
A higher or lower threshold suitable for determining authentication may be selected using social media activity for the merchant or the merchant location user. In embodiments where the authentication request is part of the payment transaction process, the authentication module 212 may select a particular threshold based on the amount of the transaction. For example, a higher threshold may be selected for large dollar transactions (> $ 300.00) and a lower threshold may be selected for small dollar transactions (< $ 50.00). In some embodiments, using biometric authentication, a biometric template is dynamically generated from social media content when a user registers or elects to join a service described herein, the user may set preferences for amounts and thresholds as described herein. In some embodiments, in addition to submitting biometric data, authentication module 212 may generate a request for secondary authentication from the user. For example, for certain authentication requests or payment transaction processes, the authentication module 212 may request that the user submit a password, PIN, or answer a security question.
FIG. 3 illustrates a block diagram of a social media provider computer 300, according to some embodiments of the invention. The social media provider computer 300 includes an input/output interface 302, a memory 304, a processor 306, and a computer-readable medium 308. The social media provider computer 300 may be an example of the social network server computer 118 of FIG. 1.
Input/output (I/O) interface 302 is configured to receive and transmit data. For example, the I/O interface 302 may receive user-submitted biometric data 106 or user-submitted social media content (i.e., digital video 116 from the user device 114 and the user 102) (fig. 1) from the access device 104 (fig. 1). In another example, the I/O interface 302 may transmit the calculated confidence score or the dynamically generated biometric template to the service provider computer 112 (fig. 1) or the access device 104 (fig. 1). The I/O interface 302 may also be used for direct interaction with the service provider computer 112 or the access device 104. The I/O interface 302 may accept input from an input device such as, but not limited to, a keyboard, keypad, camera, microphone, mouse, or any other suitable input hardware and/or software associated with the social media provider computer 300 for capturing biometric data, or a network interface for receiving and processing social media content provided or shared by a user. Further, the I/O interface may display output on a display device.
The memory 304 may be any magnetic, electronic or optical memory. It is understood that memory 304 may include any number of memory modules. An example of the memory 304 may be a Dynamic Random Access Memory (DRAM).
Processor 306 may be any general purpose processor operable to execute instructions on user device computer 300. The processor 306 is coupled to the other elements of the social media provider computer 300, including the input/output interface 302, the memory 304, and the computer readable medium 308.
The computer-readable medium 308 may be any magnetic, electronic, optical, or other computer-readable storage medium. The computer-readable storage medium 308 includes a dynamic biometric template module 310, a social media module 312, and a biometric comparison module 314.
The social media module 312 may be configured to, when executed by the processor 306, receive and process social media content shared and/or provided by a website or software application provided by and/or associated with the social media provider computer 300 by a user. In some embodiments, the social media module 312 may save and update social media content provided/shared by the user. The social media module 312 may be configured to classify social media content based on file type or content type. For example, the social media module 312 may store various types of social media content, such as image content, video content, audio content, text content, uploaded content, a user's social media networking activity or interactivity, or any other suitable content associated with a social media website or software application. In some embodiments, the social media module 312 may store the user's social media content in the computer-readable storage media 308 or in a database associated with or accessed by the social media provider computer 300.
The dynamic biometric template module 310 may be configured, when executed by the processor 306, to receive and process an authentication request of a user or user device as described herein. The dynamic biometric template module 310 may generate, save, and update a dynamic biometric template for a user based at least in part on social media content from the social media module 312. The dynamic biometric template module 310 may generate and maintain a plurality of dynamic biometric templates based on the biometric data and the social media content provided by the user. For example, if the user only submits a digital image, including the user's face, the dynamic biometric template module 310 may only generate and save a dynamic biometric template of the user's facial image. The dynamic biometric template module 310 may periodically update the dynamic biometric template based on new or different social media content associated with the user. The dynamic biometric template module 310 may store the dynamic biometric template in the computer-readable storage medium 308.
The biometric comparison module 314 may be configured, when executed by the processor 306, to compare biometric data submitted with an authentication request submitted by a user or user device with a dynamically generated biometric template from the dynamic biometric template module 310. In some embodiments, the biometric comparison module 314 may calculate or determine a confidence score that represents a degree of match or similarity between the user's biometric data and the biometric template dynamically generated by the user's authentication request. In some embodiments, the biometric comparison module 314 may facilitate various transfers of the calculated confidence scores by interfacing with the I/O interface 302. For example, the biometric comparison module 314 may transmit the calculated confidence score for the match between the biometric data and the biometric template to the service provider computer 112 or the access device 104. The confidence score may be communicated to the service provider computer 112 or a software application on the access device 104 provided by the service provider computer 112 for verifying the authentication response and providing the authentication response as described herein. In some embodiments, the module 310 and 314 may be configured to perform the same capabilities as the module 210 and 214, and the module 210 and 214 may be configured to perform the same capabilities as the module 310 and 314.
Fig. 4 illustrates a flow diagram illustrating an example technique for biometric authentication using a dynamic biometric template, according to some embodiments of the invention. The order in which the operations are described is not intended to be construed as a limitation, and any number of the described operations can be omitted or combined in any order and/or in parallel to perform the process and any other processes described herein.
Some or all of process 400 (or any other process described herein, or variations and/or combinations thereof) may be performed under the control of one or more computer systems configured with executable instructions and may be implemented as code (e.g., executable instructions, one or more computer programs, or one or more application programs). In accordance with at least one embodiment, the process 400 of FIG. 4 (as well as other figures herein) may be performed by at least one or more computer systems including the access device 104, the user device 114, the service provider computer 112, the social network server computer 118 (FIG. 1), the user device computer 200 including the module 210 and 214, or the social media provider computer 300 including the module 310 and 314. The code may be stored on a computer-readable storage medium, for example in the form of a computer program comprising a plurality of instructions executable by one or more processors. The computer readable storage medium may be non-transitory.
Process 400 may include, at 402, a user uploading, sharing, or providing social media content (e.g., videos, images, text, pictures, links, interactivity, etc.) to a social networking computer associated with a social media provider. In some embodiments, process 400 may include, at 404, a user initiating authentication of himself or a user device. The user may provide biometric data (i.e., a picture of himself taken by the user device) using hardware features associated with the user device. In some embodiments, the authentication may be part of a payment transaction and include information about the transaction. In some examples, the authentication request may be transmitted by the access device or directly by the user device to the service provider computer. In some embodiments, the user device is configured to use a software application provided by the service provider computer during an enrollment step or an initialization process of the user device at the service provider computer to provide biometric data and generate a dynamic biometric template for authentication.
Process 400 may include, at 406, a software application of a user device receiving or obtaining social media content associated with a user from a social networking computer. In some embodiments, the user device and software application may receive social media content from a particular social network associated with the user or from multiple social networks to which the user provides or shares content. The process 400 may include, at 408, the user device and the software application generating a biometric template using social media content associated with the user. The dynamic biometric template may be updated as the user shares or provides more social media content. The user device may store the biometric template for future authentication requests and save multiple biometric templates to change biometric modes (e.g., eye, facial image, voice recognition).
The process 400 may also include, at 410, the user providing the biometric sample to the user device, and then the user device and the service provider application comparing the biometric data provided by the user to the generated biometric template.
In some embodiments, the process 400 may include, at 412, the user device and the software application calculating or determining a confidence score for the comparison of the biometric data to the generated biometric template. The confidence score may represent a degree of similarity between biometric data provided by the user and a biometric template generated from social media content associated with the user. In some embodiments, process 400 may include, at 414, the user device and the software application providing the confidence score to the service provider computer. Process 400 may include, at 416, the service provider authenticating the user or user device by using the confidence score and threshold for authentication as described herein. Although fig. 4 illustrates the user device and software application providing the confidence score to the service provider computer for the authentication process, in some embodiments, the user device and software application may be configured to authenticate the user with the confidence score and one or more thresholds stored on the user device. After authenticating the user device, the user device and the access device may provide transaction information regarding the transaction, such as merchant identification information, transaction amount, product identifier, or other suitable transaction information, to the service provider computer in conjunction with the verified user device information for payment processing transactions as described herein.
Fig. 5 illustrates a flow diagram illustrating an example technique for biometric authentication using a dynamic biometric template, according to some embodiments of the invention.
Some or all of process 500 (or any other process described herein or variations and/or combinations thereof) may be performed under control of one or more computer systems configured with executable instructions and may be implemented as code (e.g., executable instructions, one or more computer programs, or one or more application programs). According to at least one embodiment, the process 500 of FIG. 5 may be performed by at least one or more computer systems including the access device 104, the user device 114, the service provider computer 112, the social network server computer 118 (FIG. 1), the user device computer 200 including the module 210 and 214, or the social media provider computer 300 including the module 310 and 314. The code may be stored on a computer-readable storage medium, for example in the form of a computer program comprising a plurality of instructions executable by one or more processors. The computer readable storage medium may be non-transitory.
Process 500 may include, at 502, a user uploading, sharing, or providing social media content (e.g., videos, images, text, pictures, links, interactivity, etc.) to a social networking computer associated with a social media provider. In some embodiments, process 500 may include, at 504, a user initiating authentication of himself or a user device. The user may provide biometric data (i.e., a picture of himself taken by the user device) using hardware features associated with the user device. In some embodiments, the authentication may be part of a payment transaction and include information about the transaction. In some examples, the authentication request may be transmitted by the access device or directly by the user device to the service provider computer. In some embodiments, the user device is configured to use a software application provided by the service provider computer during an enrollment step or an initialization process of the user device at the service provider computer to provide biometric data and generate a dynamic biometric template for authentication. The user device and the access device may initiate an authentication request process as part of the payment transaction processing as described herein. For example, in response to interacting with a merchant's POS terminal (access device), the user may receive a prompt to provide biometric data. As another example, in response to ordering an item in an e-commerce environment (online merchandise purchase), a user may be prompted to receive a request to provide biometric data through a user device. The process 500 may include, at 506, the user device providing biometric data of the authentication request to the social networking computer.
The process 500 may include, at 508, the social media provider generating a dynamic biometric template for the user based on social media content associated with the user. In some embodiments, a particular social media provider and associated social network computer may be selected by the user for the biometric authentication process. In some instances, the service provider may select an appropriate social network computer and social media provider based on the user's activities in the associated social media network. The dynamic biometric template may be continuously updated as the user shares or provides more social media content to the social networking computer. The social network computer may update and save the biometric template for future authentication requests and save a plurality of biometric templates for changing biometric patterns (e.g., eyes, facial images, voice recognition). In some embodiments, the social networking computer may save and update the biometric templates of the user and the plurality of users in an associated database or data repository. In some embodiments, the social network computer may pre-generate a biometric template that is communicated to a service provider computer or user device for use in saving and updating the dynamic biometric template.
In some embodiments, process 500 may include, at 510, the social network computer comparing biometric data provided by the user to a biometric template and generating a confidence score for the comparison. The confidence score may represent a degree of similarity between biometric data provided by the user and a biometric template generated from social media content associated with the user. The process 500 may include, at 512, the social network computer providing the calculated confidence score to the service provider computer. In some embodiments, process 500 may include, at 514, the service provider verifying authentication of the user and the user device, or authenticating a payment transaction, based on the confidence score. Process 500 may also include, at 516, the service provider transmitting an authentication response message indicating verification or non-verification of the user device. In some embodiments, the service provider computer may use the confidence score and the threshold generated by the social network computer to determine whether to authenticate the user device. In some embodiments, authentication of the user device may be part of a payment processing transaction, and the service provider may generate and transmit an authorization response as described herein.
Fig. 6 illustrates a flow diagram illustrating an example technique for biometric authentication using a dynamic biometric template, according to some embodiments of the invention.
Some or all of process 600 (or any other process or variation and/or combination of processes described herein) may be performed under control of one or more computer systems configured with executable instructions and may be implemented as code (e.g., executable instructions, one or more computer programs, or one or more application programs). According to at least one embodiment, the process 600 of FIG. 6 may be performed by at least one or more computer systems including the access device 104, the user device 114, the service provider computer 112, the social network server computer 118 (FIG. 1), the user device computer 200 including the module 210 and 214, or the social media provider computer 300 including the module 310 and 314. The code may be stored on a computer-readable storage medium, for example in the form of a computer program comprising a plurality of instructions executable by one or more processors. The computer readable storage medium may be non-transitory.
In some embodiments, process 600 may include, at 602, a user initiating authentication of himself or a user device. The user may provide biometric data (i.e., a picture of himself taken using the user device) using hardware features associated with the user device in the authentication request. In some embodiments, the authentication may be part of a payment transaction and include information about the transaction. In some examples, the authentication request may be transmitted through the access device or directly by the user device to the merchant computer at 604 as part of the payment transaction authentication. In an embodiment, the merchant computer may be configured to transmit the authentication request to the service provider computer for verification purposes. In some embodiments, the user device is configured to use a software application provided by the service provider computer during an enrollment step or an initialization process of the user device at the service provider computer to provide biometric data as part of a biometric authentication process described herein.
Process 600 may include, at 606, the service provider computer receiving or obtaining social media content associated with the user from a social network computer. In some embodiments, process 600 includes, at 608, the service provider computer generating a dynamic biometric template using social media content associated with the user from the social network computer. The dynamic biometric template may be updated when the user shares or provides more social media content and the service provider computer receives the social media content. The service provider computer may store biometric templates for future authentication requests and multiple biometric templates for changing biometric patterns (i.e., eyes, facial images, voice recognition). Process 600 may also include, at 610, the service provider computer comparing biometric data provided by the user to the generated biometric template.
The process 600 also includes, at 612, the service provider determining a confidence score representing a degree of similarity between the biometric data provided by the user and a biometric template generated from social media content associated with the user. In some embodiments, process 600 may include, at 614, the service provider computer authenticating the user or user device by using the confidence score and a threshold for authentication as described herein. In some examples, in embodiments that include a payment transaction as described herein, the service provider computer may provide a verification or authentication determination to the user device, the access device, or the merchant computer. In some embodiments, the service provider computer may communicate a confidence score for the comparison between the biometric data and the biometric template to the user device or the access device. In some embodiments, the service provider computer may maintain authentication history information identifying the period of time the authentication request was made and the results of the authentication request (including the calculated confidence score and the threshold for the particular authentication request). In embodiments, the service provider computer may generate or maintain one or more thresholds based on characteristics associated with historical authentication requests. For example, the information identifying the characteristic may include: information about the user device used to provide the biometric data of the authentication request, information about a first time period between authentication requests, information about a second time period between authentication requests using a particular type of biometric data (facial image versus voice recognition) or location data of the user device used to provide the biometric data. In some embodiments, the service provider computer may use the confidence score and one or more thresholds for verification and authentication purposes as described herein.
Fig. 7 illustrates a block diagram of an exemplary payment system that may use the biometric authentication system described herein, according to some embodiments of the invention. The system 700 may include a payment device 720, an access device 730, a merchant computer 735, an acquirer computer 730, a payment processing network computer 740, and an issuer computer 550. In some embodiments, the different entities in FIG. 7 may communicate with each other using one or more communication networks, such as the Internet, a cellular network, a TCP/IP network, or any other suitable communication network. Note that one or more entities in system 700 may be associated with a computer device that may be implemented with some of the components described with reference to fig. 8. The system shown in fig. 7 and the payment process described below may be integrated with the authentication flow illustrated and described with reference to any of fig. 4-6.
The payment device 720 may be associated with a payment account of the user. In some embodiments, the payment device 720 may be a mobile device, e.g., a mobile phone, a tablet, a PDA, a laptopA key card, a vehicle such as a car, or any suitable mobile device. In some embodiments, payment device 720 may be a wearable device, for example, which may be, but is not limited to, a smart watch, a fitness bracelet, a foot chain, a ring, an earring, and the like. For example, the payment device 720 may include a virtual wallet or payment application that may be associated with one or more payment accounts of the user. In some implementations, the payment device 720 may be capable of using, for example, Wi-FiTMOr BluetoothTMCommunicates with the access device 730. For example, the payment device 720 may interact with the access device 730 by establishing a connection with the access device 730 using a wireless data protocol. In some embodiments, payment device 720 may be a plastic card associated with a user account.
The access device 730 may be an access point to a transaction processing system that may include an acquirer computer 730, a payment processing network computer 740, and an issuer computer 750. In some implementations, access device 730 may be associated with or operated by merchant computer 735. For example, the access device 730 may be a point-of-sale device that may include a contactless reader, an electronic cash register, a display device, and the like. In some implementations, the access device 730 may be configured to send information relating to one or more items purchased at the merchant 735 to the acquirer 730 or the payment processing network 740. In some implementations, the access device 730 may be a personal computer that the user may use to initiate a transaction (e.g., an online transaction) with the merchant computer 725. In some implementations, the access device may be configured to interface with a biometric reader to obtain biometric data pertaining to a user-provided biometric sample.
The acquirer computer 730 may be operated by an acquirer. An acquirer is typically a system of entities (e.g., banks) that have a business relationship with a particular merchant, wallet provider, or another entity. The acquirer computer 730 may be communicatively coupled to the merchant computer 735 and the payment processing network 740, and may open and manage financial accounts for merchants. The acquirer computer 730 may be configured to route authorization requests for transactions to the issuer computer 750 via the payment processing network computer 740 and route authorization responses received via the payment processing network computer 740 to the merchant computer 735.
The payment processing network computer 740 may be configured to provide authorization services for payment transactions as well as clearing and settlement services. The payment processing network computer 740 may include a data processing subsystem, a wired or wireless network, including the Internet. Examples of payment processing network computers 740 include
Figure GDA0003250702500000191
Figure GDA0003250702500000192
Operational VisanetTM. Payment processing networks such as VisanetTMCredit card transactions, debit card transactions, and other types of commercial transactions can be processed. VisanetTMSpecifically including a V isa integrated payment (VIP) system that processes authorization requests and a Base II system that performs clearing and settlement services. The payment processing network computer 740 may include a server computer. In some implementations, the payment processing network computer 740 can forward the authorization request received from the acquirer computer 730 to the issuer computer 750 over a communication channel. The payment processing network computer 740 may also forward authorization response messages received from the issuer computer 750 to the acquirer computer 730. In some implementations, the payment processing network 740 may operate the service provider computer 112 (fig. 1) or provide a software application configured to run on the module 210 and 214 of the access device 104, the user device 114 (fig. 1), or the user device computer 200 (fig. 2).
The issuer computer 750 may represent an account issuer and/or issuer processor. Typically, the issuer computer 750 may be associated with a business entity (e.g., a bank) that issues an account and/or payment card (e.g., credit account, debit account, etc.) for a user payment transaction. In some implementations, a business entity (bank) associated with the issuer computer 750 may also serve the role of an acquirer (e.g., acquirer computer 730).
In some embodiments of the invention, the issuer computer 750 and/or the payment processing network computer 740 may operate as an authorization system. For example, once the user is successfully authenticated via biometric authentication using a dynamically generated biometric template derived from social media content associated with the user and biometric data provided by the user as disclosed herein, the transaction may be authorized by the issuer computer 750 and/or the payment processing network computer 740.
The various entities in system 700 may communicate with each other via an interconnected network 760 (e.g., the Internet).
In some embodiments, the access device 730 may include or have a biometric reader coupled thereto. After the payment device 720 interacts with the access device 730, the access device 730 may receive a biometric sample from the user as described above and may authenticate the user before allowing the user to proceed with the payment transaction. Alternatively or additionally, the payment device 720 may request user authentication as described above and may receive a confidence score as described above. Once the user is authenticated, the access device 730 may generate or obtain a confidence score from a remote computer or from a payment device, and may then generate an authorization request message, which may be transmitted to the issuer 750 through the acquirer 730 and the payment processing network 740. In some embodiments, the issuer 750, the acquirer 730, and/or the payment processing network 750 may receive the confidence score and may deny the transaction if the confidence score is not satisfactory. The issuer 750 may then authorize the transaction and may return an authorization response message to the access device 730 through the payment processing network 740 and the acquirer 730. The clearing and settlement process may occur at the end of the day or any other suitable time period.
In some embodiments, user device computer 200 (fig. 2) may be used to submit a biometric sample or biometric data from a user to initiate authorization and verification of the user's identity prior to generating an authorization request message. In some embodiments, the user device computer 200 (fig. 2) may provide a biometric sample or biometric data from the user to the access device 730, which then the access device 730 subsequently provides to the payment processing network 740 for authentication using a dynamically generated biometric template derived from social media content associated with the user.
The various parties and elements described herein with reference to fig. 1-6 may operate on one or more computer devices to facilitate the functionality described herein. Any of the elements of fig. 1-6, including any servers or databases, may use any suitable number of subsystems to facilitate the functions described herein.
An example of such a subsystem or component is shown in fig. 8. The subsystems shown in fig. 8 are interconnected via a system bus 802. Additional subsystems such as a printer 804, keyboard 806, fixed disk 808 (or other memory including computer-readable media), monitor 810 coupled to display adapter 812, and other devices are also shown. Peripherals and input/output (I/O) devices, which couple to an I/O controller 814 (which can be a processor or any suitable controller), can be connected to the computer system by any means known in the art, such as a serial port 816. For example, serial port 816 or external interface 818 may be used to connect the computer device to a wide area network (e.g., the internet), a mouse input device, or a scanner. The interconnection via system bus allows the central processor 820 to communicate with each subsystem and to control the execution of instructions from the system memory 822 or the fixed disk 808 and the exchange of information between subsystems. The system memory 822 and/or the fixed disk 808 may be embodied as computer-readable media.
Embodiments of the present invention have many advantages. For example, the user's most recent biometric template may be saved because the biometric template may be continuously updated with social media images (e.g., photos, videos). Such up-to-date biometric templates may be used to authenticate a user for any suitable type of transaction, including payment transactions, transactions to access (e.g., to a venue or location), or transactions to obtain resources (e.g., documents or access to data). Moreover, because data from the social network is utilized, embodiments of the present invention do not require significant changes to existing systems, such that embodiments of the present invention may be implemented without difficulty.
Any of the software components or functions described in this application may be implemented as software code executed by a processor using, for example, conventional or object-oriented techniques, and using any suitable computer language such as, for example, Java, C + +, or Perl. The software code may be stored as a series of instructions or commands on a computer readable medium, such as a Random Access Memory (RAM), a Read Only Memory (ROM), a magnetic medium, such as a hard disk or a floppy disk, or an optical medium, such as a CD-ROM. Any such computer-readable media may reside on or within a single computing device, and may exist on or within different computing devices within a system or network.
The above description is illustrative and not restrictive. Many variations of the invention will become apparent to those skilled in the art upon reading the present disclosure. The scope of the invention should, therefore, be determined not with reference to the above description, but instead should be determined with reference to the pending claims along with their full scope or equivalents.
One or more features of any embodiment may be combined with one or more features of any other embodiment without departing from the scope of the invention.
The recitation of "a", "an" or "the" is intended to mean "one or more" unless explicitly indicated to the contrary. "
All patents, patent applications, publications, and descriptions mentioned above are incorporated herein by reference in their entirety for all purposes. They are not admitted to be prior art.

Claims (17)

1. A method for biometric authentication, comprising:
receiving, by a server computer, an authentication request, the authentication request including biometric data provided by a user;
transmitting, by the server computer, the biometric data to a social networking server computer, wherein the social networking server computer thereafter compares the user's biometric data to a biometric template to calculate a confidence score based at least in part on first information indicative of the user's activity level at a website provided by the social networking server computer, the biometric template dynamically generated in response to receiving the biometric data and based at least in part on social media content shared by the user on the website provided by the social networking server computer, the biometric template configured to be updated based at least in part on updated social media content shared by the user;
receiving, by the server computer, the confidence score from the social network server computer;
identifying, by the server computer, a threshold from one or more thresholds based at least in part on a plurality of characteristics associated with the authentication request, the plurality of characteristics including a period of time between the authentication request using a particular type of the biometric data and a prior authentication request using the particular type of biometric data, and further including a current location of the user during the authentication request; and
validating the authentication request based at least in part on the confidence score and the identified threshold.
2. The method of claim 1, further comprising:
creating a spoof score based at least in part on the confidence score and a spoof threshold; and
updating a spoof database using the spoof score, the spoof database maintained by the server computer.
3. The method of claim 1, wherein the authentication request is received from an access device, and wherein the authentication request is in the form of an authorization request message requesting authorization of a transaction, and wherein the method further comprises transmitting, by the server computer, an authorization response message to the access device.
4. The method of claim 3, further comprising determining, by the server computer, the threshold value for the transaction.
5. The method of claim 4, wherein the threshold is updated based at least in part on the social media content shared by the user.
6. The method of claim 1, wherein the social media content shared by the user on the website comprises at least one of: video content, audio content, image content, text content, user-provided input, or user-provided activity at the website.
7. The method of claim 1, wherein the biometric data is provided by the user through a user device.
8. An electronic device, comprising:
a processor; and
a memory comprising instructions that, when executed with the processor, cause the electronic device to at least:
receiving an authentication request, the authentication request including biometric data provided by a user;
receiving, from a social networking server computer, social media content associated with the user of the electronic device, the social media content being shared on a social networking website provided by the social networking server computer, and first information indicative of an activity level of the user at the social networking website;
generating a biometric template based at least in part on social media content of the user, the biometric template dynamically updated based on new social media content associated with the user;
determining a confidence score for a comparison of biometric data to the biometric template based at least in part on the authentication request of the user and the first information, the confidence score representing a degree of similarity between the biometric data and the biometric template;
identifying a threshold from one or more thresholds based at least in part on a plurality of characteristics associated with the authentication request, the plurality of characteristics including a period of time between the authentication request using a particular type of the biometric data and a prior authentication request using the particular type of biometric data, and further including a current location of the user during the authentication request; and
verifying the authentication request of the user based at least in part on the confidence score and the identified threshold.
9. The electronic device of claim 8, wherein the instructions, when executed with the processor, cause the electronic device to further perform at least: social media content associated with the user is requested from a particular social networking server computer, the particular social networking server providing particular social networking software.
10. The electronic device of claim 8, wherein the dynamically updated biometric template is stored in a protected area of a memory of the electronic device.
11. The electronic device of claim 10, wherein the instructions, when executed with the processor, cause the electronic device to further perform at least: receiving a selection of particular social media content by the user for use in generating the biometric template.
12. The electronic device of claim 8, wherein the biometric data comprises at least one of: voice samples, iris scans, palm geometry, or facial image samples.
13. The electronic device of claim 8, wherein generating the biometric template occurs during an offline mode or based on a network connection condition of the electronic device.
14. A method for biometric authentication, comprising:
receiving, at a server computer, an authentication request of a user associated with an access device, the authentication request including biometric data provided by the user;
receiving, by the server computer from a social networking service computer, social media content associated with the user, the first information indicating an activity level of the user at the social networking service computer;
generating, by the server computer, a biometric template for the user based at least in part on the social media content, the biometric template being continuously updated based at least in part on new social media content associated with the user;
determining, by the server computer, a confidence score based at least in part on the comparison of the biometric data and the biometric template and the first information;
identifying a threshold from one or more thresholds based at least in part on a plurality of characteristics associated with the authentication request, the plurality of characteristics including a period of time between the authentication request using a particular type of the biometric data and a prior authentication request using the particular type of biometric data, and further including a current location of the user during the authentication request; and
validating the user's authentication request based at least in part on the confidence score and the identified threshold.
15. The method of claim 14, wherein the information identifying characteristics of the authentication request comprises at least one of: user device information regarding the access device used to provide biometric data from the user, a first time period between authentication requests, or a location of the user device used to provide biometric data from the user.
16. The method of claim 14, wherein the biometric template is pre-generated by the social networking service computer, and wherein the server computer updates the biometric template by incorporating the pre-generated biometric template.
17. The method of claim 14, wherein generating the biometric template comprises updating the biometric template at periodic intervals.
CN201680070378.6A 2015-12-15 2016-10-21 Electronic device and method for biometric authentication using social network Active CN108293054B (en)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US14/970,361 US10291610B2 (en) 2015-12-15 2015-12-15 System and method for biometric authentication using social network
US14/970,361 2015-12-15
PCT/US2016/058129 WO2017105626A1 (en) 2015-12-15 2016-10-21 System and method for biometric authentication using social network

Publications (2)

Publication Number Publication Date
CN108293054A CN108293054A (en) 2018-07-17
CN108293054B true CN108293054B (en) 2021-12-28

Family

ID=59020403

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201680070378.6A Active CN108293054B (en) 2015-12-15 2016-10-21 Electronic device and method for biometric authentication using social network

Country Status (6)

Country Link
US (2) US10291610B2 (en)
EP (1) EP3391617A4 (en)
CN (1) CN108293054B (en)
AU (1) AU2016372661A1 (en)
RU (1) RU2018125933A (en)
WO (1) WO2017105626A1 (en)

Families Citing this family (34)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10489785B1 (en) * 2014-04-15 2019-11-26 United Services Automobile Association (Usaa) Systems and methods for distributed currency management
US11256792B2 (en) 2014-08-28 2022-02-22 Facetec, Inc. Method and apparatus for creation and use of digital identification
US10915618B2 (en) * 2014-08-28 2021-02-09 Facetec, Inc. Method to add remotely collected biometric images / templates to a database record of personal information
US10291610B2 (en) 2015-12-15 2019-05-14 Visa International Service Association System and method for biometric authentication using social network
CN106921636B (en) * 2015-12-28 2020-05-08 华为技术有限公司 Identity authentication method and device
WO2017151815A1 (en) * 2016-03-01 2017-09-08 Google Inc. Facial template and token pre-fetching in hands free service requests
US20170255940A1 (en) * 2016-03-01 2017-09-07 Mastercard International Incorporated Systems, methods, apparatus, and computer-readable media for age verification
US10706446B2 (en) * 2016-05-20 2020-07-07 Facebook, Inc. Method, system, and computer-readable medium for using facial recognition to analyze in-store activity of a user
US20170345001A1 (en) * 2016-05-27 2017-11-30 Bank Of America Corporation Failed resource usage monitor and remediation system
US9801066B1 (en) * 2016-06-02 2017-10-24 Duo Security, Inc. Method for automatic possession-factor authentication
US10769634B2 (en) * 2016-06-13 2020-09-08 Mastercard International Incorporated Systems and methods for use in approving transactions, based on biometric data
US10740751B1 (en) * 2016-12-20 2020-08-11 Wells Fargo Bank, N.A. Secure transactions in social media channels
SG10201610686SA (en) * 2016-12-20 2018-07-30 Mastercard International Inc Systems and methods for processing a payment transaction authorization request
US10628851B2 (en) * 2016-12-29 2020-04-21 Facebook, Inc. Analyzing and converting unstructured networking system communications
US10911441B2 (en) 2017-01-18 2021-02-02 CertifID LLC Verifying party identities for secure transactions
EP3410330B1 (en) * 2017-05-31 2021-07-21 Mastercard International Incorporated Improvements in biometric authentication
WO2019022698A1 (en) * 2017-07-24 2019-01-31 Visa International Service Association System, method, and computer program product for authenticating a transaction
CN112385180A (en) * 2018-07-03 2021-02-19 蒂诺克股份有限公司 System and method for matching identity and readily available personal identifier information based on transaction time stamp
US11216541B2 (en) * 2018-09-07 2022-01-04 Qualcomm Incorporated User adaptation for biometric authentication
US11315571B2 (en) 2018-11-28 2022-04-26 Visa International Service Association Audible authentication
KR20200100481A (en) * 2019-02-18 2020-08-26 삼성전자주식회사 Electronic device for authenticating biometric information and operating method thereof
US10402641B1 (en) * 2019-03-19 2019-09-03 Capital One Services, Llc Platform for document classification
US11115419B2 (en) * 2019-04-06 2021-09-07 International Business Machines Corporation Identity attribute confidence scoring while certifying authorization claims
CN111917693A (en) * 2019-05-10 2020-11-10 董云鹏 Network identity authentication system for dynamically identifying digital identity
US11153308B2 (en) 2019-06-27 2021-10-19 Visa International Service Association Biometric data contextual processing
US10789347B1 (en) 2019-07-18 2020-09-29 Alibaba Group Holding Limited Identification preprocessing
CN110457882B (en) * 2019-07-18 2020-10-30 创新先进技术有限公司 Identity recognition preprocessing and identity recognition method and system
CN110704823A (en) * 2019-09-10 2020-01-17 平安科技(深圳)有限公司 Data request method, device, storage medium and electronic equipment
CN111597468B (en) * 2020-05-08 2023-08-18 腾讯科技(深圳)有限公司 Social content generation method, device, equipment and readable storage medium
CN112232443B (en) * 2020-11-20 2023-11-24 中国联合网络通信集团有限公司 Identity authentication method, device, equipment and storage medium
US11544961B2 (en) * 2020-11-30 2023-01-03 Shenzhen GOODIX Technology Co., Ltd. Passive three-dimensional face imaging based on macro-structure and micro-structure image sizing
CN113313789B (en) * 2021-05-28 2024-04-26 维沃移动通信有限公司 File generation method and device and electronic equipment
US20220400108A1 (en) * 2021-06-09 2022-12-15 Capital One Services, Llc Tokenizing authentication information
US20230316270A1 (en) * 2022-03-30 2023-10-05 Mastercard International Incorporated Apparatus, system and method for on-device mutlifactor authentication security

Citations (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6819219B1 (en) * 2000-10-13 2004-11-16 International Business Machines Corporation Method for biometric-based authentication in wireless communication for access control
WO2007143441A2 (en) * 2006-05-31 2007-12-13 Solidus Networks, Inc. System and architecture for merchant integration of a biometric payment system
CN101216884A (en) * 2007-12-29 2008-07-09 北京中星微电子有限公司 A method and system for face authentication
CN101523428A (en) * 2006-08-01 2009-09-02 Q佩控股有限公司 Transaction authorisation system and method
CN101773394A (en) * 2010-01-06 2010-07-14 中国航天员科研训练中心 Identification method and identification system using identification method
WO2011017653A1 (en) * 2009-08-07 2011-02-10 Google Inc. Facial recognition with social network aiding
CN102004908A (en) * 2010-11-30 2011-04-06 汉王科技股份有限公司 Self-adapting face identification method and device
CN102067555A (en) * 2008-06-20 2011-05-18 皇家飞利浦电子股份有限公司 Improved biometric authentication and identification
US8185646B2 (en) * 2008-11-03 2012-05-22 Veritrix, Inc. User authentication for social networks
US8255698B2 (en) * 2008-12-23 2012-08-28 Motorola Mobility Llc Context aware biometric authentication
US8661516B2 (en) * 2011-05-27 2014-02-25 Fujitsu Limited Biometric authentication device and biometric authentication method
CN104112116A (en) * 2011-06-30 2014-10-22 深圳市君盛惠创科技有限公司 Cloud server
CN104168270A (en) * 2014-07-31 2014-11-26 腾讯科技(深圳)有限公司 Identity verifying method, server, client side and system
CN204791050U (en) * 2015-04-01 2015-11-18 北京市商汤科技开发有限公司 Authentication equipment
WO2015183394A1 (en) * 2014-05-30 2015-12-03 Ebay Inc. Systems and methods for implementing transactions based on facial recognition
CN105144216A (en) * 2013-03-15 2015-12-09 维萨国际服务协会 Snap mobile security apparatuses, methods and systems

Family Cites Families (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7565329B2 (en) 2000-05-31 2009-07-21 Yt Acquisition Corporation Biometric financial transaction system and method
US8159328B2 (en) * 2008-07-16 2012-04-17 George William Luckhardt Biometric authentication and verification
US10217085B2 (en) * 2009-06-22 2019-02-26 Nokia Technologies Oy Method and apparatus for determining social networking relationships
US20110209192A1 (en) * 2010-02-25 2011-08-25 Leclerc Greer Katelyn M Biometric social networking
US8824749B2 (en) 2011-04-05 2014-09-02 Microsoft Corporation Biometric recognition
US9038634B2 (en) * 2011-06-22 2015-05-26 Breathe Technologies, Inc. Ventilation mask with integrated piloted exhalation valve
US20160219046A1 (en) * 2012-08-30 2016-07-28 Identity Validation Products, Llc System and method for multi-modal biometric identity verification
EP2765529B1 (en) * 2013-02-12 2021-11-17 Canon Europa N.V. A method of authenticating a user of a peripheral apparatus, a peripheral apparatus, and a system for authenticating a user of a peripheral apparatus
US20140268280A1 (en) * 2013-03-15 2014-09-18 Ideal Innovations Incorporated Color and Pattern Identifying and Highlighting Lenses
US9367676B2 (en) 2013-03-22 2016-06-14 Nok Nok Labs, Inc. System and method for confirming location using supplemental sensor and/or location data
US20150358318A1 (en) * 2014-06-06 2015-12-10 Mary A Spio Biometric authentication of content for social networks
US10291610B2 (en) 2015-12-15 2019-05-14 Visa International Service Association System and method for biometric authentication using social network

Patent Citations (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6819219B1 (en) * 2000-10-13 2004-11-16 International Business Machines Corporation Method for biometric-based authentication in wireless communication for access control
WO2007143441A2 (en) * 2006-05-31 2007-12-13 Solidus Networks, Inc. System and architecture for merchant integration of a biometric payment system
CN101523428A (en) * 2006-08-01 2009-09-02 Q佩控股有限公司 Transaction authorisation system and method
CN101216884A (en) * 2007-12-29 2008-07-09 北京中星微电子有限公司 A method and system for face authentication
CN102067555A (en) * 2008-06-20 2011-05-18 皇家飞利浦电子股份有限公司 Improved biometric authentication and identification
US8185646B2 (en) * 2008-11-03 2012-05-22 Veritrix, Inc. User authentication for social networks
US8255698B2 (en) * 2008-12-23 2012-08-28 Motorola Mobility Llc Context aware biometric authentication
WO2011017653A1 (en) * 2009-08-07 2011-02-10 Google Inc. Facial recognition with social network aiding
CN101773394A (en) * 2010-01-06 2010-07-14 中国航天员科研训练中心 Identification method and identification system using identification method
CN102004908A (en) * 2010-11-30 2011-04-06 汉王科技股份有限公司 Self-adapting face identification method and device
US8661516B2 (en) * 2011-05-27 2014-02-25 Fujitsu Limited Biometric authentication device and biometric authentication method
CN104112116A (en) * 2011-06-30 2014-10-22 深圳市君盛惠创科技有限公司 Cloud server
CN105144216A (en) * 2013-03-15 2015-12-09 维萨国际服务协会 Snap mobile security apparatuses, methods and systems
WO2015183394A1 (en) * 2014-05-30 2015-12-03 Ebay Inc. Systems and methods for implementing transactions based on facial recognition
CN104168270A (en) * 2014-07-31 2014-11-26 腾讯科技(深圳)有限公司 Identity verifying method, server, client side and system
CN204791050U (en) * 2015-04-01 2015-11-18 北京市商汤科技开发有限公司 Authentication equipment

Also Published As

Publication number Publication date
CN108293054A (en) 2018-07-17
US20190222573A1 (en) 2019-07-18
WO2017105626A1 (en) 2017-06-22
US10291610B2 (en) 2019-05-14
AU2016372661A1 (en) 2018-05-10
RU2018125933A3 (en) 2020-04-16
US10681043B2 (en) 2020-06-09
EP3391617A4 (en) 2018-12-26
EP3391617A1 (en) 2018-10-24
US20170171195A1 (en) 2017-06-15
RU2018125933A (en) 2020-01-16

Similar Documents

Publication Publication Date Title
CN108293054B (en) Electronic device and method for biometric authentication using social network
CN108352024B (en) Server-based biometric authentication
AU2015247929B2 (en) Systems, apparatus and methods for improved authentication
US10909539B2 (en) Enhancements to transaction processing in a secure environment using a merchant computer
US20170364920A1 (en) Security approaches for virtual reality transactions
RU2556453C2 (en) System and method for authentication of transactions without car with help of mobile device
US20170243225A1 (en) Systems and methods for using multi-party computation for biometric authentication
US10387632B2 (en) System for provisioning and allowing secure access to a virtual credential
AU2010306566A1 (en) Anti-phishing system and method including list with user data
US10489565B2 (en) Compromise alert and reissuance
US12003508B2 (en) Systems, methods, and computer program products for authenticating devices
CN112823368A (en) Tokenized contactless transactions via cloud biometric identification and authentication
US20230022797A1 (en) Use of web authentication to enhance security of secure remote platform systems
US10580000B2 (en) Obtaining user input from a remote user to authorize a transaction
US20170243224A1 (en) Methods and systems for browser-based mobile device and user authentication

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant